<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 25/06/14 14:13, Emil Natan wrote:<br>
</div>
<blockquote
cite="mid:CAG=4S2D5cPpYR7ZJms4X3_UYo0Yk-7Fhxn+keMZuK--3CyEmow@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div dir="ltr">Hello,
<div><br>
</div>
<div>My goal is to replicate the ODS configuration between two
nodes, one is active with ODS running and one passive where
ODS is not running.</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://wiki.opendnssec.org/display/DOCS/High+availability">https://wiki.opendnssec.org/display/DOCS/High+availability</a><br>
</div>
<div><br>
</div>
<div>... states under the "What to copy" section:</div>
<div><br>
</div>
<div>"The state data - the minimum data required are the
signconf files (default location is the
/var/opendnssec/signconf directory)"</div>
<div><br>
</div>
<div>I see the files under signconf actually contain
configuration copied from kasp.conf and information about the
keys which is stored in the database (in my case MySQL). If
missing these files, they are automatically created when the
enforcer starts. My point is I do not see a reason to copy
these files from one machine to another if they are created
when the enforcer starts. Can I really omit this step or I'm
missing something?</div>
<div>Thanks.</div>
<div><br>
</div>
<div>Emil<br>
</div>
</div>
</blockquote>
<br>
Hi Emil,<br>
<br>
I think that the meaning here is that so long as you have those
files you can run a signer instance and so keep signatures from
expiring.<br>
<br>
Your assertion about them being created by the enforcer is correct.
However, when you start your backup enforcer you need to be sure
that the keyset is the same and so these files can be useful for
that too.<br>
<br>
Sion<br>
</body>
</html>